Bash Shellshock Bug

You might have heard a fair bit in the news recently about the Bash Shellshock bug, which is the second major bug (alongside the OpenSSL Heartbleed bug) to hit the computing world this year. Heartbleed was a major security threat that could potentially allow an attacker to view a large amount of private data that would normally be safely encrypted, but it did not actually allow an attacker to directly take over a computer. The Shellshock bug, on the other hand, is a more major exploit that actually allows the attacker to take unauthorized control of an affected system and, with a complexity of exploitation rating of "low" given to it by Internet security firm Rapid7, it is not difficult for a hacker to take advantage of the Shellshock exploit. This bug effects any Unix-like operating system that makes use of Bash (Bourne-again shell) as its command-line interpreter, which includes Raspbian, Mac OS X, and a large number of Linux distributions. As the vast majority of websites out there run on Linux-based operating systems, this problem is a serious global issue. Perhaps the most surprising thing is that the bug has been present in Bash for 25 years since version 1.03! The good news for all of you Raspberry Pi users is that this is only really a security issue if your device is visible to the wider Internet and not just to your local area network (LAN). In any case, it is a good idea to fix the issue, and a patch has already been deployed to the Raspberry Pi repositories. You can get this patch by simply running an update in the usual manor:

sudo apt-get update
sudo apt-get upgrade

Eben Talks Display and Model A+

Eben Upton attended the recent Europe 2014 edition of the TechCrunch Disrupt series, which was held in Old Billingsgate in London. The Raspberry Pi founder brought with him an add-on board the Raspberry Pi Foundation and its associated partners have been talking about for months – the official display board. In the on-stage interview with TechCrunch's John Biggs, Upton confirms the device will include an 800x480 pixel WVGA (Wide VGA) display, complete with a 10-point capacitive touch screen interface. The interface board with the screen appears to have shrunk since the first iteration we saw in Manchester earlier this year, and it takes a shape similar to the HAT specification. Despite the HAT shape, the new device does not actually interface over the GPIO header but connects via the dedicated DSI connector, which, until now, has had no purpose. It has mount points that correspond to the new Model B+ and appears to actually mount underneath the Raspberry Pi. Upton doesn't mention a price yet, but he hints that the display will be available for purchase towards the end of 2014 or beginning of 2015. He also talks briefly about the Model A+, mentioning that the foundation hopes to make an announcement soon and that they think the A+ will be an "exciting product" that will "capture people's imaginations." [11].